Nine! Nine new modules! (Ah ha ha!)

With the coming of autumn here in the Northern hemisphere, the nights are getting longer, and the hacking is getting stronger. We’ve really got something for everybody in this release, from IoT to infrastructure, Windows, and Linux; everyone’s pretty well-represented!

Windows has been patching several vulnerabilities lately, and we have modules for them! Metasploit’s own Spencer and Brendan have been working on bringing in work from others; Spencer wrote a Zerologon (CVE-2020-1472) module based on the work by Tom Tervoort, and Brendan wrote a module covering the PrinterDemon vulnerability (CVE-2020-1048) building on the work of Alex Ionescue and shubham0d.

Spencer also added a new SOCKS module to unite the tribes of proxies currently in Metasploit, with one module to rule them all, and in the darkness, bind them!

Not to be outdone, our own Shelby added to the module count with CVE-2017-1000353 and YAJDV (Yet another Java Deserialization Vulnerability) against everyone’s favorite devops tool, Jenkins. Now you can ask Jenkins to test your code or run it! While this vulnerability may be a bit older, we all know people miss patches, so it is worth checking out.

Rounding out the Metasploit team’s contributions are Grant and a new module to gather information on installed software on targets, and when we say targets, we mean it: Windows, Linux, Android, and Mac are all covered by this new gather module!

As if the Metasploit team’s contributions were not enough, we had some seriously high-quality work come in from our community members as well! Auth bypasses for Artica Proxy by Niboucha Redouane, Cloud Camera command injection by Pietro Olivia, VyOS escape by Rich Mirch and bcoles, and a SecureCRT password decryptor by cn-kali-team.

New modules (9)

Bugs fixed

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog
post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo(master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).